İbrahim BALOĞLU - Cyber Security Posts
This group was created to share content in the field of Cyber Security.
As a December special, you can purchase the Cyber Incident Response Training at a discounted price. 🔥
https://lnkd.in/d_uT9kkM
#Malware_analysis
1⃣ Ghostframe Phishing Kit
https://blog.barracuda.com/2025/12/04/threat-spotlight-ghostframe-phishing-kit
2⃣ EtherRAT Ethereum implant in React2Shell attacks
https://www.sysdig.com/blog/etherrat-dprk-uses-novel-ethereum-implant-in-react2shell-attacks
3⃣ BYOVD loader behind DeadLock ransomware attack
https://blog.talosintelligence.com/byovd-loader-deadlock-ransomware
4⃣ BRICKSTORM/WARP PANDA Malware
https://www.crowdstrike.com/en-us/blog/warp-panda-cloud-threats
CVE-2025-66478 Next.js-RSC-RCE
Added: Runtime Memory Shell
#Whitepaper
#Offensive_security
"API Security Testing (Penetration Testing) Guide", 03.03.2025.
// This comprehensive guide explores the methodologies, techniques, and best practices for conducting thorough API security testing, also known as API penetration testing
#Analytics
#Threat_Research
An analytical review of the main cybersecurity events for the week (November 29 - December 06, 2025)
1⃣ Critical Vulnerabilities in React Server Components and Next.js
// ~39% of cloud environments are vulnerable to React2Shell attacks. Exploitation is likely imminent...
2⃣ K7 Antivirus: Named pipe abuse, registry manipulation and privilege escalation
// Multiple patches were released to fix the issue, including caller validation and process protection, but bypass techniques involving DLL manual mapping and binary renaming remain effective...
3⃣ IBM Released a Framework for Breaking AI on Purpose - AI Robustness Evaluation System (ARES)
// It enables developers and security researchers to define targets, craft adversarial payloads, and assess AI behavior under various threat models. ARES models an attacker probing an AI endpoint - such as a hosted model, an agentic AI application, or REST API - by automating attack scenarios
4⃣ 4.3 Million Browsers Infected: Inside ShadyPanda's 7-Year Malware Campaign
// A group or individual released several browser extensions that worked fine for years until an update injected malicious code into the extension
5⃣ A High-Severity WebAssembly Boundary Condition Vulnerability in Firefox (CVE-2025-13016)
// For six months, a subtle pointer arithmetic error in Firefox's WebAssembly implementation silently wrote past stack buffers in hundreds of millions of browsers worldwide...
6⃣ Kaspersky Security Bulletin 2025 Released
// The statistics in this report cover the period from November 2024 through October 2025
]-> Awesome Annual Security Reports
7⃣ Nuclei Release v3.6.0
// new features, improvements and fixes
]-> Analytical review (Nov. 22-29, 2025)
#Malware_analysis
1⃣ Malicious VS Code Extension Impersonating "Material Icon Theme"
https://www.nextron-systems.com/2025/11/28/malicious-vs-code-extension-impersonating-material-icon-theme-found-in-marketplace
]-> Analysis of the Rust implants found in the malicious VS Code extension
2⃣ CastleLoader & CastleRAT: Behind TAG150’s Modular Malware Delivery System
https://www.darktrace.com/blog/castleloader-castlerat-behind-tag150s-modular-malware-delivery-system
3⃣ Analyzing the latest Sneaky2FA Browser-in-the-Browser phishing page
https://pushsecurity.com/blog/analyzing-the-latest-sneaky2fa-phishing-page
4⃣ TangleCrypt: a sophisticated but buggy malware packer
https://labs.withsecure.com/publications/tanglecrypt
#Analytics
#SCADA_Security
"State of ICS/OT Security", Nov. 2025.
// This paper presents the latest findings from the SANS State of ICS/OT Security Survey
#Malware_analysis
1⃣ An analysis of a recent version of Formbook
https://isc.sans.edu/diary/Formbook+Delivered+Through+Multiple+Scripts/32480
2⃣ Kraken cross-platform ransomware
https://blog.talosintelligence.com/kraken-ransomware-group
3⃣ Analysis of a recent SmartApeSG campaign taking advantage of ClickFix
https://isc.sans.edu/diary/SmartApeSG+campaign+uses+ClickFix+page+to+push+NetSupport+RAT/32474
4⃣ DigitStealer - JXA-based macOS infostealer
https://www.jamf.com/blog/jtl-digitstealer-macos-infostealer-analysis
5⃣ RONINGLOADER gh0st RAT variant
https://www.elastic.co/security-labs/roningloader
CVE-2025-26686 - RCE in Windows 10/11/Srv - The-TCP-IP-Flaw-That-Opens-the-Gates
CVE-2025-64495 - Open WebUI Stored DOM XSS Vuln - POC
#Analytics
#Threat_Research
An analytical review of the main cybersecurity events for the week (November 1-8, 2025)
1⃣ Breaking Down the Balancer v2 Hack
// The Balancer hack in 2025, caused by a longstanding rounding bug, highlights the need for rigorous math correctness, thorough testing, continuous security updates, and layered defenses in DeFi
]-> Analysis and guidance for DeFi ecosystem
2⃣ RDSEED Failure on AMD "Zen 5" Processors
// CVE-2025-62626. The RDSEED function for AMD’s Zen 5 processors does return 0 more often than it should...
3⃣ GTIG AI Threat Tracker: Advances in Threat Actor Usage of AI Tools
// Based on recent analysis of the broader threat landscape, Google Threat Intelligence Group has identified a shift that occurred within the last year: adversaries are no longer leveraging AI just for productivity gains, they are deploying novel AI-enabled malware in active ops
]-> a comprehensive guide to developing AI/ML systems is available on the channel
4⃣ Improvements to Open VSX Security
// In reference to the Glassworm incident, OpenVSX published a blog post outlining some of the security improvements they will make to prevent a repeat of this incident
5⃣ MS Teams Impersonation and Spoofing Vulnerabilities
// Four vulnerabilities in MS Teams that allow attackers to impersonate executives, manipulate messages, alter notifications, and forge identities in video/audio calls. Both external guest users and malicious insiders could exploit these flaws
6⃣ The channel's most read publication in October
// Don’t Look Up: There Are Sensitive Internal Links in the Clear on GEO Satellites
]-> Analytical review (Oct.25 - Nov.1, 2025)
#Malware_analysis
1⃣ SesameOp backdoor
https://www.microsoft.com/en-us/security/blog/2025/11/03/sesameop-novel-backdoor-uses-openai-assistants-api-for-command-and-control
2⃣ LANDFALL Android Spyware
https://unit42.paloaltonetworks.com/landfall-is-new-commercial-grade-android-spyware
3⃣ DragonForce ransomware-as-a-service
https://www.acronis.com/en/tru/posts/the-dragonforce-cartel-scattered-spider-at-the-gate
4⃣ LeakyInjector and LeakyStealer Duo
https://hybrid-analysis.blogspot.com/2025/11/leakyinjector-and-leakystealer-duo.html
5⃣ Ransomvibing in VS Code extensions
https://secureannex.com/blog/ransomvibe
#Offensive_security
#Red_Team_Tactics
SID filter as security boundary between domains?
Part 1 - Kerberos authentication explained
Part 2 - Known AD attacks - from child to parent
Part 3 - SID filtering explained
Part 4 - Bypass SID filtering research
Part 5 - Golden GMSA trust attack - from child to parent
Part 6 - Schema change trust attack - from child to parent
Part 7 - Trust account attack - from trusting to trusted
// In part 1, we explain everything you need to know about the underlying Kerberos authentication mechanisms to understand the attacks, defenses, and research in the rest of the series. Part 2 reviews known methods of escalating from a child domain to a parent domain. Part 3 describes known methods for preventing attacks using SID filtering. Parts 4-7 describe our research findings and novel trust attacks
What's New in MITRE ATT&CK v18
https://medium.com/@sergenyanmis/mitre-att-ck-v18-ile-gelen-yenilikler-b71042a4a136